Welcome to the Open Source Puppet NTP Quick Start Guide. This document provides instructions for getting started managing an NTP service using the Puppet NTP module.

The clocks on your servers are not inherently accurate. They need to synchronize with something to let them know what the right time is. NTP is a protocol designed to synchronize the clocks of computers over a network. NTP uses Coordinated Universal Time (UTC) to synchronize computer clock times to within a millisecond.

Your entire datacenter, from the network to the applications, depends on accurate time for many different things, such as security services, certificate validation, and file sharing across Puppet agents. If the time is wrong, your Puppet master might mistakenly issue agent certificates from the distant past or future, which other agents will treat as expired.

NTP is one of the most crucial, yet easiest, services to configure and manage with Puppet. Using the Puppet NTP module, you can do the following tasks:

Ensure time is correctly synced across all the servers in your infrastructure.

Ensure time is correctly synced across your configuration management tools.

Roll out updates quickly if you need to change or specify your own internal NTP server pool.

Add Classes from the NTP Module to the Main Manifest

The NTP module contains several classes. Classes are named chunks of Puppet code and are the primary means by which Puppet configures nodes. The NTP module contains the following classes:

ntp: the main class; this class includes all other NTP classes (including the classes in this list).

ntp::install: this class handles the installation packages.

ntp::config: this class handles the configuration file.

ntp::service: this class handles the service.

You’re going to add the ntp class to the default node in your main manifest. Depending on your needs or infrastructure, you might have a different group that you’ll assign NTP to, but you would take similar steps.

To create the NTP class:

From the command line on the Puppet master, navigate to the main manifest: cd /etc/puppetlabs/code/environments/production/manifests.

Note: If you already have a default node, just add the class and servers lines to it.
To see a list of other time servers, visit http://www.pool.ntp.org/.

From the command line on your Puppet agent, trigger a Puppet run with puppet agent -t.

That’s it! You’ve successfully configured Puppet to use NTP.

To check if the NTP service is running, run puppet resource service ntpd on your Puppet agent. The output should be:

service { 'ntpd':
ensure => 'running',
enable => 'true',
}

Use Multiple Nodes to Configure NTP for Different Permissions

Until now, you’ve been using the default node in this Quick Start Guide. If you want to configure the NTP service to run differently on different nodes, you can set up NTP differently in multiple nodes in the site.pp file.

In the example below, two ntp servers in the organization are allowed to talk to outside time servers (“kermit” and “grover”). Other ntp servers get their time data from these two servers. One of the primary ntp servers, “kermit”, is very cautiously configured — it can’t afford outages, so it’s not allowed to automatically update its ntp server package without testing. The other servers are more permissively configured.

The other ntp servers (“snuffie,” “bigbird,” and “hooper”) will use our two primary servers to sync their time.